Norwegian Data Protection Authority said that compromised data included GPS location and user profile information, which could reveal their sexual orientation and therefore merit special protection."Users were not able to exercise real and effective control over the sharing of their data," said the authority's director-general, Bjorn Erik Thon."Business models that involve forcing the user to agree to something, and without explaining well what they agree to, are not in line with the law."The Data Protection Authority said the way Grindr asked users for permission to use their information went against GDPR's requirements for "valid consent".Grindr's spokesperson in Norway confirmed the state broadcaster NRK that it had received a letter.